


Project No.: Smwx14122


Principal investigator: 张侯军

Institution: Shenmu County No. 5 Primary School

Date completed: May 20##







Title: Design of Teaching Assistance Software  Major: Computer Science and Technology  Class: Class 1, 2006 intake  Student:   Supervisor: 鲁云平



Contents

Part 1: Graduation project task statement  Part 2:


Part 4: Proposal report; literature review; foreign-language translation



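Title: Design of Teaching Assistance Software

(Task period: March 10, 2010 to June 15, 20xx)

Student name: 吴政  Student ID: 06060125  Supervisor: 鲁云平  Head of teaching and research section:   College leadership: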


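Notes: 1. This task statement is to be filled in by the supervisor.

2. This task statement must be issued to the student no later than one week before the graduation project begins.



Notes: 1. This form is to be filled in by the supervisor.

2. One copy of this form is kept per student and serves as the basis for checking progress on the graduation project (thesis). 3. Mark the schedule with "—" in the corresponding positions.



Notes: 1. This form should be filled in carefully by the teacher.

2. The "Discipline" column is filled in truthfully according to the student's actual conduct.

3. The "Task completion" column is filled in according to whether the student completed the tasks on schedule and to the required quality and quantity.

4. For students who breach discipline or cannot complete the tasks on time, the supervisor may, depending on the seriousness, issue a warning or recommend that the student not take part in the defense.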




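Title: Design of Teaching Assistance Software  Major: Computer Science and Technology  Class: Class 1, 2006 intake  Student ID: 06060125  Student: 吴政  Supervisor: 鲁云平



I. Theoretical value and practical significance of the chosen topic



II. Research status and development trends of this topic at home and abroad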






























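3. Visual editing: simple to operate and easy to use, with low technical requirements for staff, low system cost, easy system redesign, strong extensibility, and convenient further processing and use of information.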





Supervisor:   Person in charge:





Source of foreign text:   Attachments: 1. Translation of the foreign-language material; 2. Foreign-language original




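When developing web applications with ASP.NET, what we need may be some practical advice on how to implement security in ASP.NET applications. It is fair to say, however, that no development platform (ASP.NET included) can guarantee that, once you adopt it, you will write one-hundred-percent secure code. The good news is that ASP.NET integrates a number of built-in defensive barriers that are easy to use.

Applying all of these features is not by itself enough to protect a web application against every possible and foreseeable attack. Combined with other defensive techniques and security strategies, however, the built-in ASP.NET features form a powerful toolkit that helps ensure applications run in a secure environment.

Web security is the sum of various factors and the result of a strategy that goes well beyond the individual application, one that involves database administration, network configuration, social engineering, and more.

The purpose of this article is to describe what ASP.NET developers should always do in order to keep the security bar reasonably high. That is what security is mostly about: stay vigilant, never fully relax, and make it harder and harder for the bad guys to mount an attack.

Table 1 lists types of web attacks, collected from the web, together with the application flaws that can let those attacks succeed.



When you write an ASP.NET application, you do not face the army of hackers alone, with the lines of code you type from your own brain, skill and fingers as your only weapon. ASP.NET lends a hand: it has specific features that automatically raise barriers against some of the threats listed above. We examine them in detail below.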


1) ViewStateUserKey

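Introduced in ASP.NET 1.1, ViewStateUserKey is a string property of the Page class that only a few developers really know well. Why? Let's see what the documentation says: it assigns an identifier to an individual user in the view state variable associated with the current page.

This property helps prevent one-click attacks because it provides additional input for creating the hash value that protects view state from tampering. A one-click attack consists of posting a malicious HTTP form to a known, vulnerable web site. It is called "one-click" because it usually begins with the victim's unwitting click on an enticing link received by e-mail or found while browsing a crowded forum. By following the link, the user inadvertently triggers a remote process that ends with a malicious <form> being submitted to a site. Let's be honest: can you really say you have never clicked a link like "Click me" out of curiosity? Apparently nothing bad happened to you. Let's assume that is so; can you say the same for everyone else in the web community?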

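2) The database perspective

SQL injection is another well-known type of attack. It exploits applications that use unfiltered user input to form database commands. If an application happily uses whatever the user types into a form field to build a SQL command string, it exposes you to this risk: a malicious user only needs to visit the page and enter fraudulent parameters to change the nature of the query. There are many ways to stop SQL injection attacks. The most common techniques are described below:

• Make sure user input is of the appropriate type and follows the expected pattern (postal code, ID number, e-mail address, and so on). If a number is expected from a text box, block the request when the user enters something that cannot be converted to a number.

• Use SQL Server permissions to restrict what each user can do in the database. For example, you may need to disable xp_cmdshell or restrict permission for it to administrators only.

• Use parameterized queries; stored procedures are better still.

• If you use stored procedures, you significantly reduce the likelihood of this attack. In fact, with stored procedures you do not need to compose SQL strings dynamically. In addition, SQL Server verifies that all parameters have the specified type. These techniques alone are not one-hundred-percent secure, but combined with validation they are enough to improve security.

• Run with the fewest privileges possible, never execute code as "sa", do not build statements by string concatenation, and do not echo database errors.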
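
Three items from the list above (type checking, a parameterized query, and not echoing database errors) are shown here side by side with the concatenated form. This is an added example, not part of the original article: Python's sqlite3 module stands in for SQL Server and ADO.NET, and the students table, its rows and the function names are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, grade TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?, ?)",
                   [(1, "alice", "A"), (2, "bob", "B"), (3, "carol", "C")])
    return db


def lookup_concat(db, student_id):
    """'Before': the text-box value is concatenated into the command string."""
    sql = "SELECT name, grade FROM students WHERE id = " + student_id
    return db.execute(sql).fetchall()


def lookup_safe(db, student_id):
    """'After': type check, bound parameter, no database error in the reply."""
    # A number is expected: block the request if the input is anything else.
    if not re.fullmatch(r"[0-9]{1,9}", student_id):
        return {"ok": False, "error": "invalid id", "rows": []}
    try:
        # The value travels as a parameter and is never part of the SQL text.
        rows = db.execute("SELECT name, grade FROM students WHERE id = ?",
                          (int(student_id),)).fetchall()
    except sqlite3.Error:
        # Details belong in the server log, not in the response.
        return {"ok": False, "error": "request failed", "rows": []}
    return {"ok": True, "error": None, "rows": rows}


if __name__ == "__main__":
    db = make_db()
    hostile = "0 OR 1=1"  # constructed input that is not a number
    print(lookup_concat(db, "2"))      # one row, as intended
    print(lookup_concat(db, hostile))  # WHERE clause rewritten: every row
    print(lookup_safe(db, hostile))    # rejected before reaching the database
    print(lookup_safe(db, "2"))
```
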


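3) Hidden fields

In classic ASP, hidden fields are the only way to persist data between requests. Any data you need to retrieve in the next request is packed into a hidden <input> field and round-tripped. What if someone modifies the value stored in that field on the client? As long as the text is in the clear, the server-side environment has no way to detect it. In ASP.NET, the ViewState property of pages and individual controls serves two purposes. On one hand, ViewState is the means of persisting state across requests; on the other, ViewState lets you store custom values in a protected, tamper-resistant hidden field.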
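
Sections 1) and 3) both rest on a keyed hash over the hidden field, with the per-user key as extra input. The following added example (not from the original article, and not ASP.NET's actual view state format or algorithm) models that idea in Python with HMAC-SHA256; SERVER_KEY, the session identifiers and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; stands in for the server-side validation key.
SERVER_KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def _tag(payload: bytes, user_key: str) -> bytes:
    # Derive a per-user MAC key first, so the user identifier is extra input
    # to the hash: a field minted for one user never verifies for another.
    per_user = hmac.new(SERVER_KEY, user_key.encode(), hashlib.sha256).digest()
    return hmac.new(per_user, payload, hashlib.sha256).digest()


def protect(state: dict, user_key: str = "") -> str:
    """Serialize state for a hidden <input>, prefixed with its MAC."""
    payload = json.dumps(state, sort_keys=True).encode()
    return base64.b64encode(_tag(payload, user_key) + payload).decode()


def unprotect(field: str, user_key: str = ""):
    """Return the state, or None if the field was altered or is another user's."""
    try:
        raw = base64.b64decode(field, validate=True)
    except ValueError:
        return None
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(payload, user_key)):
        return None
    return json.loads(payload)


def flip_last_digit(field: str) -> str:
    """Simulate a client-side edit of the stored value (100 -> 101)."""
    raw = bytearray(base64.b64decode(field))
    raw[-2] ^= 0x01
    return base64.b64encode(bytes(raw)).decode()


if __name__ == "__main__":
    state = {"price": 100}
    field = protect(state, user_key="session-A")
    print(unprotect(field, "session-A"))                   # intact round trip
    print(unprotect(flip_last_digit(field), "session-A"))  # edited on the client
    print(unprotect(field, "session-B"))                   # posted from another session
    # With no per-user key, a field minted in one session verifies in any other.
    print(unprotect(protect(state), user_key=""))
```
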


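4) Summary

Beyond the above, ASP.NET's security mechanisms also extend to areas such as cookie authentication and session hijacking. Does anyone doubt that the web may be the most hostile of all runtime environments? The root cause is that anyone can access a web site and try to pass it good or bad data. But what would be the point of creating a web application that accepts no user input?

ASP.NET applications are neither more vulnerable nor more secure than other web applications. Security and vulnerabilities alike are rooted in coding practice, practical experience and teamwork. If the network is not secure, no application is secure; likewise, no matter how secure and well administered the network is, an attacker will always succeed if the application is flawed. Security has become a factor that web development must take into account, and the graduate training management information system is no exception.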















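By definition, an "Internet" is a network of four or more connected computers. ARPAnet achieved its networking through a protocol called TCP/IP. The most basic working principle of this protocol is that if information fails to get through on one route in the network, it finds another route to send on, as well as establishing a language for one computer to "talk" to other computers, regardless of whether it is a PC or a Macintosh.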





















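4. Routers send and receive data. A router packs small pieces of data separately into datagrams, which are like parcels. So when a web page is requested, TCP/IP protocols are used to tell the router how to handle this data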


























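There are millions of web pages around the world, so how do you know which page's address is the one you need? Search tools save time. A search tool is a very large web site that lets you search its own database of web sites.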


1. Altavista (http://www.) - Web spider & Indexed

2. Yahoo () - Web spider & Indexed Collection

3. Excite () - Web spider & Indexed

4. Lycos () - Web spider & Indexed

5. Metasearch () - Multiple search



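Metasearch searches many search engines at the same time and finds the top results from ten engines, which makes searching much more effective. Once you can use search engines, you can effectively find the pages you want. With the arrival of networked and multi-user systems, security has always been on the minds of system developers and system operators.



There are many ways to strengthen security, such as password protection and, most importantly, encryption. Encryption means scrambling data into a code that can only be deciphered at the other end. Browsers such as Netscape Communicator and Internet Explorer offer encryption support for online transfers.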





The History of the Internet

The Beginning - ARPAnet

The Internet started as a project by the US government. The object of the project was to create a means of communications between long distance points, in the event of a nationwide emergency or, more specifically, nuclear war. The project was called ARPAnet, and it is what the Internet started as. Funded specifically for military communication, the engineers responsible for ARPAnet had no idea of the possibilities of an "Internet."

By definition, an 'Internet' is four or more computers connected by a network.

ARPAnet achieved its network by using a protocol called TCP/IP. The basic idea behind this protocol was that if information sent over a network failed to get through on one route, it would find another route to work with, as well as establishing a means for one computer to "talk" to another computer, regardless of whether it was a PC or a Macintosh.

By the 80's ARPAnet, just years away from becoming the more well known Internet, had 200 computers. The Defense Department, satisfied with ARPAnet's results, decided to fully adopt it into service, and connected many military computers and resources into the network. ARPAnet then had 562 computers on its network. By the year 1984, it had over 1000 computers on its network.

In 1986 ARPAnet (supposedly) shut down, but only the organization shut down, and the existing networks still existed between the more than 1000 computers. It shut down due to a failed link up with NSF, who wanted to connect its 5 countywide super computers into ARPAnet.

With the funding of NSF, new high speed lines were successfully installed at line speeds of 56k (a normal modem nowadays) through telephone lines in 1988. By that time, there were 28,174 computers on the (by then decided) Internet. In 1989 there were 80,000 computers on it. By 1989, there were 290,000.

Another network was built to support the incredible number of people joining. It was constructed in 1992.

Today - The Internet

Today, the Internet has become one of the most important technological advancements in the history of humanity. Everyone wants to get 'on line' to experience the wealth of information of the Internet. Millions of people now use the Internet, and it's predicted that by the year 2003 every single person on the planet will have Internet access. The Internet has truly become a way of life in our time and era, and is evolving so quickly it's hard to determine where it will go next, as computer and network technology improve every day.


It's a standard thing. People using the Internet. Shopping, playing games, conversing in virtual Internet environments.

The Internet is not a 'thing' itself. The Internet cannot just "crash." It functions the same way as the telephone system, only there is no Internet company that runs the Internet.

The Internet is a collection of millions of computers that are all connected to each other, or have the means to connect to each other. The Internet is just like an office network, only it has millions of computers connected to it.

The main thing about how the Internet works is communication. How does a computer in Houston know how to access data on a computer in Tokyo to view a webpage?

Internet communication, communication among computers connected to the Internet, is based on a language. This language is called TCP/IP. TCP/IP establishes a language for a computer to access and transmit data over the Internet system.

But TCP/IP assumes that there is a physical connection between one computer and another. This is not usually the case. There would have to be a network wire that went to every computer connected to the Internet, but that would make the Internet impossible to access.

The physical connection that is required is established by way of modems, phone lines, and other modem cable connections (like cable modems or DSL).

Modems on computers read and transmit data over established lines, which could be phone lines or data lines. The actual hard core connections are established among computers called routers.

A router is a computer that serves as a traffic controller for information.

To explain this better, let's look at how a standard computer might view a webpage.

1. The user's computer dials into an Internet Service Provider (ISP). The ISP might in turn be connected to another ISP, or a straight connection into the Internet backbone.

2. The user launches a web browser like Netscape or Internet Explorer and types in an internet location to go to.

3. Here's where the tricky part comes in. First, the computer sends data about its data request to a router. A router is a very high speed powerful computer running special software. The collection of routers in the world make what is called a "backbone," on which all the data on the Internet is transferred. The backbone presently operates at a speed of several gigabytes per second. Such a speed compared to a normal modem is like comparing the heat of the sun to the heat of an ice-cube.

Routers handle data that is going back and forth. A router puts small chunks of data into packages called packets, which function similarly to envelopes. So, when the request for the webpage goes through, it uses TCP/IP protocols to tell the router what to do with the data, where it's going, and overall where the user wants to go.

4. The router sends these packets to other routers, eventually leading to the target computer. It's like whisper down the lane (only the information remains intact).

5. When the information reaches the target web server, the webserver then begins to send the web page back. A webserver is the computer where the webpage is stored that is running a program that handles requests for the webpage and sends the webpage to whoever wants to see it.

6. The webpage is put in packets, sent through routers, and arrives at the user's computer, where the user can view the webpage once it is assembled.

The packets which contain the data also contain special information that lets routers and other computers know how to reassemble the data in the right order.

With millions of web pages, and millions of users, using the Internet is not always easy for a beginning user, especially for someone who is not entirely comfortable with using computers. Below you can find tips, tricks and help on how to use the main services of the Internet.

Before you access webpages, you must have a web browser to actually be able to view the webpages. Most Internet Access Providers provide you with a web browser in the software they usually give to customers (you). The fact that you are viewing this page means that you have a web browser. The two most used browsers are Netscape Communicator and Microsoft Internet Explorer. Netscape can be found at

The fact that you're reading this right now means that you have a web browser.

Next you must be familiar with actually using webpages. A webpage is a collection of hyperlinks, images, text, forms, menus, and multimedia. To "navigate" a webpage, simply click the links it provides or follow its own instructions (like if it has a form you need to use, it will probably instruct you how to use it). Basically, everything about a webpage is made to be self-explanatory. That is the nature of a webpage, to be easily navigable.

"Oh no! a 404 error! 'Cannot find web page?'" is a common remark made by new web-users.

Sometimes websites have errors. But an error on a website is not the user's fault, of course.

A 404 error means that the page you tried to go to does not exist. This could be because the site is still being constructed and the page hasn't been created yet, or because the site author made a typo in the page. There's nothing much to do about a 404 error except for e-mailing the site administrator (of the page you wanted to go to) and telling him/her about the error.

A Javascript error is the result of a programming error in the Javascript code of a website. Not all websites utilize Javascript, but many do. Javascript is different from Java, and most browsers now support Javascript. If you are using an old version of a web browser (Netscape 3.0 for example), you might get Javascript errors because sites utilize Javascript versions that your browser does not support. So, you can try getting a newer version of your web browser.

E-mail stands for Electronic Mail, and that's what it is. E-mail enables people to send letters, and even files and pictures to each other.

To use e-mail, you must have an e-mail client, which is just like a personal post office, since it retrieves and stores e-mail.

Secondly, you must have an e-mail account. Most Internet Service Providers provide e-mail account(s) for free. Some services offer free e-mail, like Hotmail and Geocities.

After configuring your e-mail client with your POP3 and SMTP server address (your e-mail provider will give you that information), you are ready to receive mail.

An attachment is a file sent in a letter. If someone sends you an attachment and you don't know who it is, don't run the file, ever. It could be a virus or some other kind of nasty program. You can't get a virus just by reading e-mail; you'll have to physically execute some form of program for a virus to strike.

A signature is a feature of many e-mail programs. A signature is added to the end of every e-mail you send out. You can put a text graphic, your business information, anything you want.

Imagine that a computer on the Internet is an island in the sea. The sea is filled with millions of islands. This is the Internet. Imagine an island communicates with other islands by sending ships to other islands and receiving ships. The island has ports to accept and send out ships.

A computer on the Internet has access nodes called ports. A port is just a symbolic object that allows the computer to operate on a network (or the Internet). This method is similar to the island/ocean symbolism above.

Telnet refers to accessing ports on a server directly with a text connection. Almost every kind of Internet function, like accessing web pages, "chatting," and e-mailing is done over a Telnet connection.

Telnetting requires a Telnet client. A telnet program comes with the Windows system, so Windows users can access telnet by typing in "telnet" (without the quotation marks) in the run dialog. Linux has it built into the command line: telnet. A popular telnet program for Macintosh is NCSA telnet.

Any server software (web page daemon, chat daemon) can be accessed via telnet, although they are not usually meant to be accessed in such a manner. For instance, it is possible to connect directly to a mail server and check your mail by interfacing with the e-mail server software, but it's easier to use an e-mail client (of course).

There are millions of WebPages that come from all over the world, yet how will you know what the address of a page you want is?

Search engines save the day. A search engine is a very large website that allows you to search its own database of websites. For instance, if you wanted to find a website on dogs, you'd search for "dog" or "dogs" or "dog information." Here are a few search engines.

1. Altavista (http://www.) - Web spider & Indexed

2. Yahoo () - Web spider & Indexed Collection

3. Excite () - Web spider & Indexed

4. Lycos () - Web spider & Indexed

5. Metasearch () - Multiple search

A web spider is a program used by search engines that goes from page to page, following any link it can possibly find. This means that a search engine can literally map out as much of the Internet as its own time and speed allows for.

An indexed collection uses hand-added links. For instance, on Yahoo's site, you can click on Computers & the Internet. Then you can click on Hardware. Then you can click on Modems, etc., and along the way through sections, there are sites available which relate to what section you're in.

Metasearch searches many search engines at the same time, finding the top choices from about 10 search engines, making searching a lot more effective.

Once you are able to use search engines, you can effectively find the pages you want.

With the arrival of networking and multi-user systems, security has always been on the mind of system developers and system operators. Since the dawn of AT&T and its phone network, hackers have been known by many, hackers who find ways all the time of breaking into systems. It used to not be that big of a problem, since networking was limited to big corporate companies or government computers who could afford the necessary computer security.

The biggest problem nowadays is personal information. Why should you be careful while making purchases via a website? Let's look at how the Internet works, quickly.

The user is transferring credit card information to a webpage. Looks safe, right? Not necessarily. As the user submits the information, it is being streamed through a series of computers that make up the Internet backbone. The information is in little chunks, in packages called packets. Here's the problem: While the information is being transferred through this big backbone, what is preventing a "hacker" from intercepting this data stream at one of the backbone points?

Big-brother is not watching you if you access a web site, but users should be aware of potential threats while transmitting private information. There are methods of enforcing security, like password protection, and most importantly, encryption.

Encryption means scrambling data into a code that can only be unscrambled on the "other end." Browsers like Netscape Communicator and Internet Explorer feature encryption support for making on-line transfers. Some encryptions work better than others. The most advanced encryption system is called DES (Data Encryption Standard), and it was adopted by the US Defense Department because it was deemed so difficult to 'crack' that they considered it a security risk if it would fall into another country's hands.

DES uses a single key of information to unlock an entire document. The problem is, there are 75 trillion possible keys to use, so it is a highly difficult system to break. One document was cracked and decoded, but it was a combined effort of 14,000 computers networked over the Internet that took a while to do it, so most hackers don't have that many resources available.

